Acting Assistant Attorney General for National Security Dana
J. Boente, U.S. Attorney Beth Drake of the District of South Carolina,
Assistant Director Scott Smith of the FBI’s Cyber Division and Special Agent in
Charge Alphonso Norris of the FBI’s Columbia, South Carolina Field Office made
the announcement.

According to the allegations in the superseding indictment
filed in Columbia, South Carolina, beginning in or around October 2007, Abedian
and Jeloudar, residing in the Islamic Republic of Iran, conspired together to
violate multiple U.S. criminal statutes.Specifically, the indictment alleges they obtained stolen credit card
numbers and related personal information by hacking and otherwise, and used
that information to fraudulently and by extortion obtain money, goods and
services from U.S.-based and foreign victims.

As part of the conspiracy, between 2011 and 2016, Abedian
used malicious software, or “malware,” to capture the credit card and other
personal information of individuals who had transacted with certain merchants’
websites.Abedian then used that
information to commit identity theft and to obtain goods and services by fraud,
and, on some occasions, Abedian then transmitted the stolen information to
Jeloudar.For example, on or about Feb.
21, 2012, Abedian sent Jeloudar approximately 30,000 names and numbers, which
he said were unauthorized credit card numbers and associated information.As part of the conspiracy, in or around March
2012 and April 2012, Jeloudar ordered and obtained various equipment, servers,
and internet hosting services from a provider in South Carolina using stolen
credit card numbers and other personal identifiers.

The superseding indictment further alleges that, in January
2017, Jeloudar contacted a California-based online merchant and threatened to
disclose its customers’ credit card numbers and other related information
previously obtained by hacking the merchant‘s website, unless it made a Bitcoin
payment to Jeloudar.Jeloudar also
threatened to disclose to the company’s customers that their private
information had been compromised and launched a denial-of-service attack on the
company’s website.

The charges in the indictment are merely accusations and the
defendants are presumed innocent unless and until proven guilty.

The FBI’s Columbia, South Carolina Cyber Squad investigated
the case.The case is being prosecuted
by Assistant U.S. Attorney Eric Klumb of the District of South Carolina and
Trial Attorney Heather Alpino of the National Security Division’s
Counterintelligence and Export Control Section.